Infility Infility Global
11 CVEs affecting Infility Infility Global. Latest disclosed: 2026-05-20. Critical: 1, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-68865 | Critical | 9.3 | 2026-01-05 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injec… |
CVE-2025-12968 | High | 8.8 | 2025-12-12 | The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all versions up t… |
CVE-2025-47651 | High | 8.5 | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injec… |
CVE-2025-15268 | High | 7.5 | 2026-02-04 | The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infility_get_data' API action in all versions up to, and inclu… |
CVE-2025-68864 | High | 7.1 | 2026-01-22 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Stored XS… |
CVE-2025-47652 | High | 7.1 | 2025-07-16 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Reflected… |
CVE-2025-52774 | High | 7.1 | 2025-06-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Reflected… |
CVE-2026-8685 | Medium | 6.5 | 2026-05-20 | The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16… |
CVE-2025-47650 | Medium | 6.5 | 2025-08-20 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Infility Infility Global infility-global allows Path Traversal… |
CVE-2024-11496 | Medium | 6.5 | 2025-01-07 | The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax funct… |
CVE-2024-12290 | Medium | 6.1 | 2025-01-07 | The Infility Global plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘set_type’ parameter in all versions up to, and including, 2.9… |